metamask wallets compromised alert

Hundreds of crypto enthusiasts woke up to empty wallets this month as a massive attack targeting MetaMask users has drained over $107,000 since January 2026. The coordinated theft spans nine major chains including Ethereum, BNB Chain, Base, and Arbitrum. Most victims didn’t even notice at first. That’s by design.

The hackers are playing it smart. No massive withdrawals here — just small amounts under $2,000 per wallet. Death by a thousand cuts. The largest chunk of stolen funds sits on Ethereum ($54,600) with BNB Chain holding another $25,500. The rest? Scattered across other chains like digital breadcrumbs.

Death by a thousand cuts—small thefts under $2,000 per wallet keeping victims oblivious while their crypto silently vanishes.

Behind the scheme is a convincing phishing email. It’s got the MetaMask fox wearing a party hat. Cute, right? Wrong. The message claims users need a “mandatory 2026 system upgrade” — a classic pressure tactic to make people click without thinking. Spoiler alert: MetaMask doesn’t send upgrade notices via email.

This isn’t crypto’s first rodeo with sophisticated scams. Just last December, a tainted Chrome extension for Trust Wallet made off with $7 million after compromising 2,596 wallets. The incident was part of a troubling trend with 26 major exploits reported in December alone. Security experts suspect a connection between the two incidents. Same playbook, different target.

Blockchain sleuth ZachXBT has been tracking the suspicious address collecting these stolen funds. Meanwhile, analyst Vladimir S. points to the fake MetaMask email as the likely Trojan horse, while Anndylian raises eyebrows about potential insider involvement. Nobody has identified the exact technical exploit yet.

The thieves’ strategy resembles a digital parasite — slow, methodical, flying under the radar. No flashy heists, just persistent draining. The Trust Wallet hack from December involved a tainted npm package that compromised the security infrastructure. Victims could have better protected themselves by using cold storage for their long-term cryptocurrency holdings, keeping assets safely offline and away from these online threats. They’re counting on victims being too busy to notice small transactions.

The crypto community is left wondering: what’s the vulnerability? A compromised extension? Malicious code? The mystery deepens while wallets continue emptying. One thing’s certain — that urgent update email isn’t from MetaMask. It’s from someone who wants your crypto.

Leave a Reply
You May Also Like

Mt. Gox Hacker-Linked Wallet Stealthily Moves 2,300 Bitcoin

A mysterious wallet linked to the Mt. Gox hack is moving thousands of Bitcoin in stealthy transactions. Who’s really behind it? The plot thickens.

Inside the Truebit Exploit: Hacker Launders $26M in ETH Through Tornado Cash

A $26M heist shook the crypto world as a hacker exploited a flaw and laundered ETH through Tornado Cash. What does this mean for the future?

PDF24 Installer Hijack: Inside the Stealthy PDFSIDER In‑Memory Backdoor Campaign

A critical flaw in PDF24 Creator exposes businesses to severe risks. Will your data be the next casualty? Learn how to protect yourself.

Alarming Solo Hacker Used Infostealers to Access Data at 50 Global Companies

A single hacker wreaked havoc on 50 companies, exploiting basic security flaws. What shocking secrets did they steal, and how can you protect your business?